A little over three years ago, PayPal and eBay announced a way to further protect your accounts with their Security Key initiative.
The premise of the Security Key is simple. A single, hardware key is assigned to your account. Every sixty seconds or so, a new numeric key is generated using RSA’s Securid technology. Essentially, your key uses an algorithm to create a big-ass unique random number, which is truncated down to six digit number. PayPal and eBay have software that calculates the same number, which again is unique to your card. You then log in with your normal username and password, followed by your random six digit number.
I was among the first public folks to get a key, and have used it ever since.
That is, until I lost it in February.
I canceled my lost keyfob just in case someone found it. I re-enabled “regular” log ins to PayPal and eBay after following a short protocol that involved sending a SecurID-generated number to my mobile phone via a text message. I was so pleased with the way the Security Key worked with my PayPal and eBay accounts that I didn’t mind paying the $5 to get another one.
This time PayPal offered a credit card-sized Security Key in addition to the egg-shaped keyfob I had for almost three years. Sometimes I didn’t have the fob when I needed it; it was a little weird to tote around. This time I opted for the credit card Key. It arrived about two weeks later.
The credit card-shaped Key works a lot like my old keyfob. If you need a new number, you press a button. The PayPal FAQ says the keyfob generates a new number every thirty seconds, but this isn’t true. You have to push a button with both types of Security Keys.
I put my new Key in my wallet, along with my other credit cards and crap. I was concerned that I would inadvertently activate the Security Key by sitting down. I did some butt-tests and found that it takes a fair amount of force to trigger the Key. In fact, it’s more like a Vulcan nerve pinch more than a “press.”
My only regret is that I can’t use this SecurID for more sites. I keep tons of “strong,” unique passwords for various Web sites thanks to KeePass, but it would be nice to just have a simple password plus the SecurID.
I’ve used the credit card Key for over a month, and highly recommend it over the keyfob design. At this point, I don’t think there are any advantages to using the original fob over the new credit card. Regardless of what you choose, it’s well worth the $5.